package com.common.dingding.config;

import com.common.dingding.filter.JwtFilter;
import com.common.dingding.realm.JwtRealm;
import org.apache.shiro.authc.Authenticator;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.Authorizer;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.realm.text.IniRealm;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.Ordered;

import javax.servlet.Filter;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

@Configuration
public class ShiroConfig {

    @Autowired
    private JwtRealm jwtRealm;

    @Autowired
    private JwtFilter jwtFilter;

//    @Bean("customSecurityManager")
//    @Primary
    @Bean
    public DefaultWebSecurityManager securityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(jwtRealm);

        // 禁用session，使用JWT
        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        DefaultSessionStorageEvaluator sessionStorageEvaluator = new DefaultSessionStorageEvaluator();
        sessionStorageEvaluator.setSessionStorageEnabled(false);
        subjectDAO.setSessionStorageEvaluator(sessionStorageEvaluator);
        securityManager.setSubjectDAO(subjectDAO);

        return securityManager;
    }
@Bean
public ShiroFilterFactoryBean shiroFilterFactoryBean() {
    ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
    shiroFilter.setSecurityManager(securityManager());
    System.out.println("shiroFilterFactoryBean 被调用");

    // 这里是关键！必须使用 Map 而不是 ShiroFilterChainDefinition
    Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();

    // ========== 公共资源：Swagger / OpenAPI ==========
    filterChainDefinitionMap.put("/v3/api-docs", "anon");
    filterChainDefinitionMap.put("/v3/api-docs/**", "anon");
    filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    filterChainDefinitionMap.put("/swagger-ui/**", "anon");
    filterChainDefinitionMap.put("/webjars/**", "anon");

    // 允许访问的接口
    filterChainDefinitionMap.put("/api/auth/login", "anon");
    filterChainDefinitionMap.put("/hello", "anon");


    // 注册自定义过滤器
    Map<String, Filter> filters = new HashMap<>();
    filters.put("jwt", jwtFilter); // 👈 关键：将 jwtFilter 绑定到 "jwt" 名称
    shiroFilter.setFilters(filters);
    // 其他接口都需要认证
    filterChainDefinitionMap.put("/api/**", "jwt"); // ✅ 使用 "jwt" 而不是 "authc"
    shiroFilter.setFilterChainDefinitionMap(filterChainDefinitionMap);

    return shiroFilter;
}

}